CVE-2022-31026

EPSS 1%
Veröffentlicht 09.06.2022 13:15:08
Zuletzt bearbeitet 21.11.2024 07:03:44
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Use of Uninitialized Variable in trilogy

Trilogy is a client library for MySQL. When authenticating, a malicious server could return a specially crafted authentication packet, causing the client to read and return up to 12 bytes of data from an uninitialized variable in stack memory. Users of the trilogy gem should upgrade to version 2.1.1 This issue can be avoided by only connecting to trusted servers.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Trilogy Project ≫ Trilogy SwPlatformruby Version < 2.1.1

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1%	0.583

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
security-advisories@github.com	5.9	2.2	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

https://github.com/github/trilogy/commit/6bed62789eaf119902b0fe247d2a91d56c31a962

Patch

Third Party Advisory

https://github.com/github/trilogy/security/advisories/GHSA-5g4r-2qhx-vqfm

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-31026

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-31026

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-31026

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-31026